Steps to Protect your Password
The easiest way for a hacker to get free rein on your website is for them to get your login details. Your username is often easy to guess. This means that you absolutely must know how to protect your password from hackers. Here is a quick guide to help.
Protect Your Password From Hackers
Sadly, there is no single, one-size-fits-every-situation answer to the question of how to protect your password from hackers. The good news, however, is that there are a lot of individual steps you can take which, collectively, offer a lot of protection.
1. Choose a genuinely strong and unique password
The issue of password-management is one of the hottest topics in security. It's common knowledge that the average person simply cannot remember all the strong and unique passwords they are supposed to use for their various online accounts. Some people deal with this by using password-managers, but this is controversial.
To keep the matter simple, let's make it this, you do need a genuinely strong and unique password for anything to do with your website. That means your hosting console and your FTP/sFTP server as well as your website itself. If you recycle the same password you use for other accounts, or even a variation of it, you are asking for trouble from hackers.
2. Implement two-factor authentication wherever possible
TFA is available for WordPress and for many other content management systems. It offers significant extra protection compared to a password on its own. Remember, however, that TFA is not a silver bullet for security. It can be compromised, especially if it's implemented via text messaging rather than via a token as is generally the case with SMBs. It should never be regarded as a justification (read excuse) for using a weak password.
3. Make sure you have robust anti-malware protection
Firstly, you need a website vulnerability scanner for your website. Different products will have different features but every decent website vulnerability scanner will have anti-malware protection and a web applications firewall.
Secondly, you need a robust anti-malware product, with an integrated firewall, for any device used to connect to the back-end of your website. In fact, you should have one for any device used to connect to the internet. There's no point in spending time, energy, and money protecting your website from hackers if they can just compromise one of your regular computers or mobile devices and get your account details that way.
4. Be careful where you connect to the back-end of your website
Ideally, you should only connect to the back-end of your website over a trusted connection. If, however, you need to use questionable connections, like public WiFi hotspots, especially free ones, then you must use a virtual private network.
5. Limit the number of internal users, especially administrators
The fewer passwords you have, especially the fewer administrator passwords you have, the fewer passwords can be attacked by hackers. To stop administrators from “accumulating”, make sure you have a clear process for revoking their access as soon as it ceases to be needed.
6. Give all users their own credentials and make them responsible for their safety
Even though you want to minimize the number of users, especially admin users, you need to be able to keep track of who is doing what, or not doing what. This means that each user needs their own set of credentials for their exclusive use. Sharing credentials needs to be explicitly banned and this ban has to be enforced and, if necessary, backed up with sanctions.
For this to work in practice, there needs to be a straightforward route for users to be created and this needs to be communicated to all relevant staff.
7. Implemented automated measures to make it harder to attack passwords
There are three useful steps you can take on WordPress and most, if not all CMSs, which can do a lot to enhance the safety of your passwords and hence your website.
Firstly, change your default login page. You don't need to change it too significantly from the default, especially since you still need it to make sense to users. You do, however, want to change it at least slightly as most hackers will know the default login pages for the main CMSs.
Secondly, block users after a certain number of failed password attempts. Keep this number fairly low, three is usual. This limits the opportunities to crack a password by brute force.
Thirdly, log out users after a certain period of inactivity. This stops people “borrowing” login details and using them to create other accounts. Remember, sad as it is to say, threats can come from inside an organization as well as from the outside.
Please click here now to have your website scanned, for free, by cWatch from Comodo.